Intensive data protection course

GDPR Data Privacy Professional (GDPR DPP)

GDPR data protection training and certification

Online live training on European data protection and GDPR compliance, conducted by a seasoned and certified information privacy practitioner


The GDPR DPP course was specifically created for individuals who are looking to establish themselves as professionals in the field of data privacy. The GDPR DPP course teaches practical data privacy skills. It helps people advance in their careers and make a difference in data protection.

The course is taught live on Zoom for better interaction between students and an instructor. Between the teacher-guided sessions, you will receive practical tasks to reinforce the information you’ve acquired and convert conceptual comprehension into applicable abilities.

After finishing the course and passing tests, participants will receive a GDPR Data Privacy Professional Certificate (GDRP DPP). This certification proves your data privacy knowledge and skills.

You will learn important tools and strategies to navigate data privacy effectively. This will help you protect the personal information your company has collected.

Course methodology

GDPR DPP training is highly engaging and interactive, with a focus on hands-on learning. You will have the opportunity to engage in group discussions, practical exercises, and case studies to apply the concepts they are learning in real-world scenarios.

The course materials include diagrams, documents, flowcharts, and templates for students to use. Our team used their 5+ years of consulting experience to create practical and relevant materials for professionals in the field.

This practical approach improves learning and helps participants develop skills they can use right away in their jobs.

By the end of the course,
participants will be able to:


Define categories of personal data.


Navigate data protection laws and regulations.


Apply data protection principles to processing activities.


Fulfill rights of data subjects.


Determine the lawful basis for processing activities.


Allocate the roles and responsibilities of data processing​.


Handle data breach notifications.


Choose appropriate technical and organizational measures of information security.


Use proper mechanisms for cross-border transfers of personal data.

Target audience


​Сompliance officers and lawyers


Information security officers




Software developers


Human resource managers


Database administrators





This course is also suitable for Data Protection Officers who seek to become certified or update their knowledge with the latest laws.

Target competencies

Anyone who works with personal data must ensure compliance with data protection laws and international regulations. The course guarantees that candidates are familiar with data protection terminology and privacy concepts and capable of applying them in practice.

Data Protection
Information Security
Policy Creation
HR and Recruitment


February 26 - March 13


  • Concepts of privacy, data privacy, data protection. Types of privacy.
  • Review of existing data privacy laws, standards and regulations
  • Сases, court precedents, guidelines in information privacy
  • The Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data №108
  • Directive 96/46
  • Overview of present regulatory framework of data protection in EU (GDPR+)
  • History of EU General Data Protection Regulation (GDPR)
  • Territorial and material scope of GDPR
  • Structure of GDPR text (recitals, business related articles etc)
  • Overview GDPR related acts
  • National data privacy legislation
  • Legal precedents
  • Guidelines and opinions of Article 29 Working Group (Art29WP) / European Data Protection Board (EDPB)
  • Guidelines of national supervisory authorities (SAs)
  • Overview of risks, fines, responsibilities related to personal data processing
  • Mapping of the different data protection laws to the rules applicable in EU.
  • The concepts of personal data (PD), identifier, data subject
  • Formula of Persomal Data “(id-x)+info”
  • Cases of (non-)personal data
  • Biometric data
  • The concepts of personal data (PD), identifier, data subject
  • Formula of Persomal Data “(id-x)+info”
  • Cases of (non-)personal data
  • Biometric data
  • Transparency of processing
  • Purpose limitation
  • Data minimisation
  • Storage limitation
  • Accuracy
  • Integrity and confidentiality
  • Accountability
  • The 7 foundational principles of privacy by design by Ann Cavoukian
  • Privacy by Default
  • Privacy embedded into design
  • Full functionality – positive-sum
  • End-to-End Security – Lifecycle Protection
  • Consent
  • Conditions for consent
  • Getting consent in UX
  • Contract
  • Legal obligation
  • Vital interest
  • Public interest
  • Legitimate interest
  • Balancing test of Legitimate Interest Assessment (LIA)
  • Modalities for exercise of the rights of the data subject
  • Right to information about processing
  • Right to access personal data
  • Right to rectification
  • Right to restriction of processing
  • Right to be forgotten
  • Right to data portability
  • Right to object
  • Right to not be subject of automated decision-making
  • Data subject’ rights restriction
  • Case “Nightmare letter from data subject”
  • Check-box approach vs risk based approach
  • Concept of risk
  • Risk likelihood and severity
  • GDPR terminology related to risks (high risk, likely etc)
  • Data Protection Impact Assessment (DPIA) requirement under GDPR
  • When DPIA is mandatory
  • BIA (Business Impact Assessment) or SIA (Security Impact Assessment) as triggers for DPIA
  • General approach to conduct DPIA
  • Describing processing operations, personal data and supporting assets
  • Legal and risk-treatment controls
  • Risk sources, feared events, threats and risks
  • Tools for Data Protection Impact Assessment
  • GDPR requirements to information security
  • Data breach notification of supervisory authorities and data subjects
  • Technical and organisational measures of managing information security risks
  • Overview of GDPR rules on cross-border data flow
  • Documenting international transfers of personal data
  • Data Processing Agreement
  • Binding Corporate Rules
  • Standard Contractual Clauses
  • Codes of conduct and certifications
  • Derogations relating to cross-border data transfers for specific situations
  • Representative in EU
  • Data Protection Officer / DPO


Siarhei Varankevich

Siarhei Varankevich


Founder of DPO Europe GmbH. Data Protection Trainer and Principal Consultant.
MBA, Certified Information Privacy Professional (CIPP/E), Certified Information Privacy Manager (CIPM), Certified Information Privacy Technologist (CIPT).

Get a special offer

Fill out the form and we will contact you as soon as possible!

Contact Sales

Learn what Data Privacy Office Europe can do for you.

Fill out the form and we will contact you as soon as possible!

Sign up

Fill out the form and we will contact you as soon as possible!